Re: VACL on 6509 not active

ianhopkirk · ‎03-12-2004

I have a mac controlled VACL configured on an active vlan interface, however the VACL will not go active until I add an IP access-list. I want to filter bridged traffic within the vlan, what is wrong ?

mac access-list extended mediaserver

permit any host 0002.554f.e693

permit any host 0009.6bce.417a

permit any host 0009.6bce.45d9

permit host 0009.6bce.45d9 any

permit host 0009.6bce.417a any

permit host 0002.554f.e693 any

!

vlan access-map backup 10

match mac address mediaserver

action forward

!

vlan filter backup vlan-list 220

interface Vlan220

ip address 10.105.220.1 255.255.252.0

seilsz · ‎03-12-2004

Is this IP traffic? I don't think IP traffic is access controlled by mac VACLs.

~Zach

ianhopkirk · ‎03-15-2004

How do I control ip traffic being bridged through a 6509 to another switch ? I hoped VACL would give me the opportunity to limit traffic within a vlan.

Any suggestions would be very much appreciated.

tbaranski · ‎03-15-2004

I believe IP VACLs can block intra-VLAN (i.e., bridged) traffic.

skarundi · ‎03-16-2004

that's correct. IP VACLs filter can intra-vlan IP traffic. IPX Vacls filter can filter intra-vlan IPX traffic. MAC VACLs filter any non-IP , non IPX vlan traffic.

Please read the "Configuring Access Control" Guide in the Catalyst 6500 Config Guide on Cisco.com for more details on how VACLs work.

URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/acc_list.htm#1020508